bob
/
westdc-zf1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

西部数据中心中文版增加了登录时的验证码机制

This commit is contained in:
Li Jianxuan 2011-12-28 06:37:46 +00:00
parent bb6fc19be4
commit 8c3e99dde4
2 changed files with 384 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

603
application/default/controllers/AccountController.php
View File

@ -1,300 +1,303 @@
<?php
class AccountController extends Zend_Controller_Action
{
function indexAction()
{
$this->_redirect('/');
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
//$this->db=Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$form = new RegisterForm();
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$ut = new UsersTable();
$u = $ut->createRow();
$u->username = $form->getValue('username');
$u->password = $form->getValue('password');
$u->email=$form->getValue('email');
if ($form->getValue('realname')) $u->realname=$form->getValue('realname');
if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
if ($form->getValue('address')) $u->address=$form->getValue('address');
if ($form->getValue('unit')) $u->unit=$form->getValue('unit');
if ($form->getValue('project')) $u->project=$form->getValue('project');
if ($u->save()) {
//发送欢迎邮件
$mail=new WestdcMailer($this->view->config->smtp);
$body=file_get_contents($this->view->config->register->email->template);
$body=str_replace("[username]",$formData['username'],$body);
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
//中文标题有乱码在1.5版本中尚未解决
//ref: http://framework.zend.com/issues/browse/ZF-2532
$mail->setSubject('欢迎使用中国西部环境与生态数据中心');
$mail->send();
//自动登录系统
$this->login($formData['username'],$formData['password']);
$this->_redirect('/');
}
} else {
$form->populate($formData);
}
}
}
function editAction()
{
$form=new UsereditForm();
$this->view->form=$form;
$auth = Zend_Auth::getInstance();
$user = $auth->getIdentity();
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
//save user info
$ut=new UsersTable();
$row=$ut->fetchRow('id='.$formData['id']);
if (md5($formData['oldpassword'])==$row->password && $formData['password']) {
//修改密码
$row->password=md5($formData['password']);
}
if ($formData['email']) $row->email=$formData['email'];
if ($formData['phone']) $row->phone=$formData['phone'];
if ($formData['realname']) $row->realname=$formData['realname'];
if ($formData['unit']) $row->unit=$formData['unit'];
if ($formData['address']) $row->address=$formData['address'];
if ($formData['project']) $row->project=$formData['project'];
$row->save();
//todo:更新session信息
}
} else {
/*$formData['id']=$user->id;
$formData['email']=$user->email;
$formData['phone']=$user->phone;
$formData['realname']=$user->realname;
$formData['unit']=$user->unit;
$formData['address']=$user->address;
$formData['project']=$user->project;*/
$ut=new UsersTable();
$row=$ut->fetchRow('id='.$user->id);
$formData['email']=$row->email;
$formData['phone']=$row->phone;
$formData['realname']=$row->realname;
$formData['unit']=$row->unit;
$formData['address']=$row->address;
$formData['project']=$row->project;
$formData['id']=$row->id;
$form->populate($formData);
}
}
function loginAction()
{
$form = new LoginForm();
$success=false;
$message='';
$this->view->form = $form;
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) $this->_redirect('/account');
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
if (!$this->login($formData['username'],$formData['password']))
{
$this->messenger->addMessage('登录失败,请检查您的用户名和密码。');
} else $success=true;
}
if(!$success) {
$flashMessenger = $this->_helper->getHelper('FlashMessenger');
$flashMessenger->setNamespace('actionErrors');
$flashMessenger->addMessage($message);
$this->_redirect('/account/login');
} else
{
$tohref = $this->_request->getParam('href');
if(!empty($tohref))
{
$this->_redirect($tohref);
}else{
$this->_redirect($this->_request->getParam('return'));
}
}
} else {
//$formData['redirect'] = $redirect;
//$form->populate($formData);
}
}
function logoutAction()
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
require_once 'member.php';
$mb=new member();
$mb::flushcookie();
$this->_redirect('/');
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
$db->query("update users set ts_last_login=now() where username=?",array($u));
if ($this->_request->getParam('remember')) {
$sql="select usertype from users where username='$u'";
$rs=$db->query($sql);
$row=$rs->fetch();
if($row['usertype']!='administrator')
{
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
}
return true;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$form = new LostpwdForm();
$key=$this->_request->getParam('key');
$login=$this->_request->getParam('login');
if (empty($key) && empty($login)) {
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$sql="select * from users where email=?";
$uq=$db->query($sql,array($formData['email']));
if ($urow=$uq->fetchObject())
{
//email the url to user
$username=$urow->username;
$sql="update users set activation=? where email=?";
$uid=uniqid();
$db->query($sql,array($uid,$formData['email']));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
有人提出了针对此用户名的密码重置请求。
用户名:";
$body.=$username;
$body.="
若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。
";
$body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
$mail->setSubject('密码已重置');
$mail->send();
$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
$this->view->form=false;//do not echo form
} else
$this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
}
} else
$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
} else {
$sql="select * from users where username=? and activation=?";
$uq=$db->query($sql,array($login,$key));
$tmp_pwd=uniqid();
if ($urow=$uq->fetchObject())
{
$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
$db->query($sql,array($login,$key));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
您的密码已修改。
用户名:";
$body.=$login;
$body.="密码:".$tmp_pwd;
$body.="
http://westdc.westgis.ac.cn/account/login";
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($urow->email);
$mail->setSubject('您的新密码');
$mail->send();
$this->view->messages[]='请查收您新邮件中的新密码';
$this->view->form=false;//do not echo form
}
}
}
}
<?php
class AccountController extends Zend_Controller_Action
{
function indexAction()
{
$this->_redirect('/');
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
//$this->db=Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$form = new RegisterForm();
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$ut = new UsersTable();
$u = $ut->createRow();
$u->username = $form->getValue('username');
$u->password = $form->getValue('password');
$u->email=$form->getValue('email');
if ($form->getValue('realname')) $u->realname=$form->getValue('realname');
if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
if ($form->getValue('address')) $u->address=$form->getValue('address');
if ($form->getValue('unit')) $u->unit=$form->getValue('unit');
if ($form->getValue('project')) $u->project=$form->getValue('project');
if ($u->save()) {
//发送欢迎邮件
$mail=new WestdcMailer($this->view->config->smtp);
$body=file_get_contents($this->view->config->register->email->template);
$body=str_replace("[username]",$formData['username'],$body);
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
//中文标题有乱码在1.5版本中尚未解决
//ref: http://framework.zend.com/issues/browse/ZF-2532
$mail->setSubject('欢迎使用中国西部环境与生态数据中心');
$mail->send();
//自动登录系统
$this->login($formData['username'],$formData['password']);
$this->_redirect('/');
}
} else {
$form->populate($formData);
}
}
}
function editAction()
{
$form=new UsereditForm();
$this->view->form=$form;
$auth = Zend_Auth::getInstance();
$user = $auth->getIdentity();
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
//save user info
$ut=new UsersTable();
$row=$ut->fetchRow('id='.$formData['id']);
if (md5($formData['oldpassword'])==$row->password && $formData['password']) {
//修改密码
$row->password=md5($formData['password']);
}
if ($formData['email']) $row->email=$formData['email'];
if ($formData['phone']) $row->phone=$formData['phone'];
if ($formData['realname']) $row->realname=$formData['realname'];
if ($formData['unit']) $row->unit=$formData['unit'];
if ($formData['address']) $row->address=$formData['address'];
if ($formData['project']) $row->project=$formData['project'];
$row->save();
//todo:更新session信息
}
} else {
/*$formData['id']=$user->id;
$formData['email']=$user->email;
$formData['phone']=$user->phone;
$formData['realname']=$user->realname;
$formData['unit']=$user->unit;
$formData['address']=$user->address;
$formData['project']=$user->project;*/
$ut=new UsersTable();
$row=$ut->fetchRow('id='.$user->id);
$formData['email']=$row->email;
$formData['phone']=$row->phone;
$formData['realname']=$row->realname;
$formData['unit']=$row->unit;
$formData['address']=$row->address;
$formData['project']=$row->project;
$formData['id']=$row->id;
$form->populate($formData);
}
}
function loginAction()
{
$form = new LoginForm();
$success=false;
$message='';
$this->view->form = $form;
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) $this->_redirect('/account');
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
if (!$this->login($formData['username'],$formData['password']))
{
$this->messenger->addMessage('登录失败,请检查您的用户名和密码。');
} else $success=true;
}
if(!$success) {
$flashMessenger = $this->_helper->getHelper('FlashMessenger');
$flashMessenger->setNamespace('actionErrors');
$flashMessenger->addMessage($message);
$this->_redirect('/account/login');
} else
{
$tohref = $this->_request->getParam('href');
if(!empty($tohref))
{
$this->_redirect($tohref);
}else{
$this->_redirect($this->_request->getParam('return'));
}
}
} else {
//$formData['redirect'] = $redirect;
//$form->populate($formData);
}
}
function logoutAction()
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
require_once 'member.php';
$mb=new member();
member::flushcookie();
$this->_redirect('/');
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
$db->query("update users set ts_last_login=now() where username=?",array($u));
if ($this->_request->getParam('remember')) {
$sql="select usertype from users where username='$u'";
$rs=$db->query($sql);
$row=$rs->fetch();
if($row['usertype']!='administrator')
{
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
}
return true;
}else
{
return false;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$form = new LostpwdForm();
$key=$this->_request->getParam('key');
$login=$this->_request->getParam('login');
if (empty($key) && empty($login)) {
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$sql="select * from users where email=?";
$uq=$db->query($sql,array($formData['email']));
if ($urow=$uq->fetchObject())
{
//email the url to user
$username=$urow->username;
$sql="update users set activation=? where email=?";
$uid=uniqid();
$db->query($sql,array($uid,$formData['email']));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
有人提出了针对此用户名的密码重置请求。
用户名:";
$body.=$username;
$body.="
若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。
";
$body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
$mail->setSubject('密码已重置');
$mail->send();
$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
$this->view->form=false;//do not echo form
} else
$this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
}
} else
$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
} else {
$sql="select * from users where username=? and activation=?";
$uq=$db->query($sql,array($login,$key));
$tmp_pwd=uniqid();
if ($urow=$uq->fetchObject())
{
$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
$db->query($sql,array($login,$key));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
您的密码已修改。
用户名:";
$body.=$login;
$body.="密码:".$tmp_pwd;
$body.="
http://westdc.westgis.ac.cn/account/login";
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($urow->email);
$mail->setSubject('您的新密码');
$mail->send();
$this->view->messages[]='请查收您新邮件中的新密码';
$this->view->form=false;//do not echo form
}
}
}
}

130
application/models/LoginForm.php
View File

@ -1,50 +1,82 @@
<?php
class LoginForm extends Zend_Form
{
public function __construct($options = null)
{
parent::__construct($options);
$this->setName('login');
$username = new Zend_Form_Element_Text('username');
$username->setLabel('用户名')
->setRequired(true)
->addFilter('StripTags')
->addFilter('StringTrim')
->addValidator('NotEmpty');
$password=new Zend_Form_Element_Password('password');
$password->setLabel('密码')->setRequired(true);
$remember=new Zend_Form_Element_Checkbox('remember');
$remember->setLabel('记住我');
$id = new Zend_Form_Element_Hidden('id');
$submit = new Zend_Form_Element_Submit('submit');
$submit->setLabel('登录');
$submit->setAttrib('id', 'submitbutton');
$this->addElements(array($id, $username, $password, $remember, $submit));
$this->clearDecorators();
$this->addDecorator('FormElements')
->addDecorator('HtmlTag', array('tag' => '<ul>','class'=>'loginform'))
->addDecorator('Form');
$this->setElementDecorators(array(
array('ViewHelper'),
array('Errors'),
array('Description'),
array('Label', array('separator'=>' ')),
array('HtmlTag', array('tag' => 'li', 'class'=>'element-group')),
));
// buttons do not need labels
$submit->setDecorators(array(
array('ViewHelper'),
array('Description'),
array('HtmlTag', array('tag' => 'li', 'class'=>'submit-group')),
));
}
<?php
class LoginForm extends Zend_Form
{
public function __construct($options = null)
{
parent::__construct($options);
$this->setName('login');
$username = new Zend_Form_Element_Text('username');
$username->setLabel('用户名')
->setRequired(true)
->addFilter('StripTags')
->addFilter('StringTrim')
->addValidator('NotEmpty');
$password=new Zend_Form_Element_Password('password');
$password->setLabel('密码')->setRequired(true);
$remember=new Zend_Form_Element_Checkbox('remember');
$remember->setLabel('记住我');
$id = new Zend_Form_Element_Hidden('id');
$submit = new Zend_Form_Element_Submit('submit');
$submit->setLabel('登录');
$submit->setAttrib('id', 'submitbutton');
$this->addElements(array($id, $username, $password, $remember));
$this->clearDecorators();
$this->addDecorator('FormElements')
->addDecorator('HtmlTag', array('tag' => '<ul>','class'=>'loginform'))
->addDecorator('Form');
/*
$this->setElementDecorators(array(
array('ViewHelper'),
array('Errors'),
array('Description'),
array('Label', array('separator'=>' ')),
array('HtmlTag', array('tag' => 'li', 'class'=>'element-group')),
));
*/
$captcha = $this->addElement('captcha', 'captcha', array(
'captcha' => array(
// First the type...
'captcha' => 'Image',
// Length of the word...
'wordLen' => 6,
'fontsize'=>16,
'width' => 100,
'height' => 38,
'dotNoiseLevel'=>2,
// Captcha timeout, 5 mins
'timeout' => 300,
// What font to use...
'font' => '../data/fonts/ggbi.ttf',
// Where to put the image
'imgDir' => 'vdimg/',
// URL to the images
// This was bogus, here's how it should be... Sorry again :S
'imgUrl' => '/vdimg',
),
'label' => '验证码'
));
/*
// buttons do not need labels
$submit->setDecorators(array(
array('ViewHelper'),
array('Description'),
array('HtmlTag', array('tag' => 'li', 'class'=>'submit-group')),
));
*/
$this->addElements(array($submit));
}
}